CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter

CVE-2015-8379

Affected version: >=2.0.0-alpha,<3.1.5

Reported by:
GitHub

Cross-Site Request Forgery in CakePHP

CVE-2020-15400

Affected version: <3.10.3|>=4.0.0,<4.0.6

Reported by:
GitHub

Unsafe deserialization in SmtpTransport

CVE-2019-11458

Affected version: >=3.0.0,<3.5.18|>=3.6.0,<3.6.15|>=3.7.0,<3.7.7

Reported by:
FriendsOfPHP/security-advisories, GitHub

Remote File Inclusion through View template name manipulation

Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.99|>=2.4.0,<2.4.99|>=2.5.0,<2.5.99|>=2.6.0,<2.6.12|>=2.7.0,<2.7.6|>=3.0.0,<3.0.15|>=3.1.0,<3.1.4

Reported by:
FriendsOfPHP/security-advisories, GitHub

Denial of Service attack through XML payloads

Affected version: >=3.0.0,<3.0.6|>=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.99|>=2.4.0,<2.4.99|>=2.5.0,<2.5.90|>=2.6.0,<2.6.6

Reported by:
FriendsOfPHP/security-advisories, GitHub

Incorrect CSRF validation

Affected version: >=3.0.0,<3.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub